RSS   Podatności dla 'Efiction'   RSS

2008-06-18
 
CVE-2008-2754

CWE-89
 

 
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.

 
2007-02-26
 
CVE-2007-1118

 

 
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.

 
2006-08-28
 
CVE-2006-4427

 

 
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

 


Copyright 2024, cxsecurity.com

 

Back to Top